[ISN] Linux Advisory Watch: September 19th, 2008

From: InfoSec News <alerts_at_private>
Date: Mon, 22 Sep 2008 01:04:29 -0500 (CDT)
+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| September 19th, 2008                             Volume 9, Number 38 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski_at_private> |
|                       Benjamin D. Thomas <bthomas_at_private> |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for openssh, git-core, clamav,
koffice, wordnet, mplayer, apache, kolab-server, vpnc, libxml2, rsh,
bzip2, and freetype.  The distributors include Debian, Mandriva, Red
Hat, and Ubuntu.

---

>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Review: Hacking Exposed Linux, Third Edition
--------------------------------------------
"Hacking Exposed Linux" by  ISECOM (Institute for Security and Open
Methodologies) is a guide to help you secure your Linux environment.
This book does not only help improve your security it looks at why you
should. It does this by showing examples of real attacks and rates the
importance of protecting yourself from being a victim of each type of
attack.

http://www.linuxsecurity.com/content/view/141165

---

Security Features of Firefox 3.0
--------------------------------
Lets take a look at the security features of the newly released Firefox
3.0. Since it's release on Tuesday I have been testing it out to see
how the new security enhancements work and help in increase user
browsing security.  One of the exciting improvements for me was how
Firefox handles SSL secured web sites while browsing the Internet.
There are also many other security features that this article will look
at. For example, improved plugin and addon security.

Read on for more security features of Firefox 3.0.

http://www.linuxsecurity.com/content/view/138972

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.20 Now Available (Aug 19)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.20 (Version 3.0, Release 20). This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source,
  and has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database,
  e-mail security and even e-commerce.

  http://www.linuxsecurity.com/content/view/141173

------------------------------------------------------------------------

* Debian: New openssh packages fix denial of service (Sep 16)
  -----------------------------------------------------------
  It has been discovered that the signal handler implementing the login
  timeout in Debian's version of the OpenSSH server uses functions
  which are not async-signal-safe, leading to a denial of service
  vulnerability (CVE-2008-4109).

  http://www.linuxsecurity.com/content/view/142094

* Debian: New git-core packages fix buffer overflow (Sep 15)
  ----------------------------------------------------------
  Multiple vulnerabilities have been identified in git-core, the core
  of the git distributed revision control system.  Improper path length
  limitations in git's diff and grep functions, in combination with
  maliciously crafted repositories or changes, could enable a stack
  buffer overflow and potentially the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/142083

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:189-1 ] clamav (Sep 17)
  ---------------------------------------------------------------------------
  Multiple vulnerabilities were discovered in ClamAV and corrected with
  the 0.94 release, including: A vulnerability in ClamAV's chm-parser
  allowed remote attackers to cause a denial of service (application
  crash) via a malformed CHM file (CVE-2008-1389).

  http://www.linuxsecurity.com/content/view/142225

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:197-1 ] koffice (Sep 17)
  ----------------------------------------------------------------------------
  Kees Cook of Ubuntu security found a flaw in how poppler prior to
  version 0.6 displayed malformed fonts embedded in PDF files. An
  attacker could create a malicious PDF file that would cause
  applications using poppler to crash, or possibly execute arbitrary
  code when opened (CVE-2008-1693).

  http://www.linuxsecurity.com/content/view/142220

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:198 ] R-base (Sep 16)
  -------------------------------------------------------------------------
  A symlink vulnerability was found in the javareconf script in R that
  allows local users to overwrite arbitrary files (CVE-2008-3931). The
  updated packages have been patched to prevent this issue.

  http://www.linuxsecurity.com/content/view/142095

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:197 ] koffice (Sep 15)
  --------------------------------------------------------------------------
  Kees Cook of Ubuntu security found a flaw in how poppler prior to
  version 0.6 displayed malformed fonts embedded in PDF files. An
  attacker could create a malicious PDF file that would cause
  applications using poppler to crash, or possibly execute arbitrary
  code when opened (CVE-2008-1693).

  http://www.linuxsecurity.com/content/view/142090

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:182-1 ] wordnet (Sep 15)
  ----------------------------------------------------------------------------
  Rob Holland found several programming errors in WordNet which could
  lead to the execution or arbitrary code when used with untrusted
  input (CVE-2008-2149, CVE-2008-3908).

  http://www.linuxsecurity.com/content/view/142089

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:196 ] mplayer (Sep 15)
  --------------------------------------------------------------------------
  Uncontrolled array index in the sdpplin_parse function in
  stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers
  to overwrite memory and execute arbitrary code via a large streamid
  SDP parameter.

  http://www.linuxsecurity.com/content/view/142088

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:195 ] apache (Sep 13)
  -------------------------------------------------------------------------
  A vulnerability was discovered in the mod_proxy module in Apache
  where it did not limit the number of forwarded interim responses,
  allowing remote HTTP servers to cause a denial of service (memory
  consumption) via a large number of interim responses (CVE-2008-2364).

  http://www.linuxsecurity.com/content/view/142036

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:194 ] apache2 (Sep 13)
  --------------------------------------------------------------------------
  A cross-site scripting vulnerability was found in the mod_proxy_ftp
  module in Apache that allowed remote attackers to inject arbitrary
  web script or HTML via wildcards in a pathname in an FTP URI
  (CVE-2008-2939).

  http://www.linuxsecurity.com/content/view/142035

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:193 ] kolab-server (Sep 13)
  -------------------------------------------------------------------------------
  Gavin McCullagh of Griffith College Dublin reported an issue in Kolab
  v1 where user passwords were being recorded in the Apache log files
  due to Kolab using HTTP GET requests rather than HTTP POST requests.
  This would allow any users with access to the Apache log files to
  harvest user passwords and possibly other sensitive data. The patch
  to fix this problem also corrects and issue where non-alphanumeric
  characters in passwords, set via the Kolab web interface, did not
  work.

  http://www.linuxsecurity.com/content/view/142034

* Mandriva: Subject: [Security Announce] [ MDVA-2008:122 ] vpnc (Sep 11)
  ----------------------------------------------------------------------
  The vpnc package that shipped with Mandriva Linux 2008.1 was missing
  the cisco-decrypt binary, which is used for converting Cisco VPN
  client profile files encrypted passwords.  As a result, any call to
  pcf2vpnc failed due to the missing binary.  This update provides the
  missing binary.

  http://www.linuxsecurity.com/content/view/142010

* Mandriva: Subject: [Security Announce] [ MDVA-2008:120 ] draksnapshot (Sep 11)
  ------------------------------------------------------------------------------
  This update fixes several minor issues with draksnapshot, such as
  backups not being completed due to bad permissions. A number of fixes
  were done to the applet as well, including notifications showing as
  information instead of warnings.  Draksnapshot now no longer
  auto-disables after configuring, and it only pops up if a USB disk is
  mounted.  Finally, it now prevents showing the panel icon before the
  bubble, so the latter is correctly placed.

  http://www.linuxsecurity.com/content/view/142008

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:192 ] libxml2 (Sep 11)
  --------------------------------------------------------------------------
  A heap-based buffer overflow was found in how libxml2 handled long
  XML entity names.  If an application linked against libxml2 processed
  untrusted malformed XML content, it could cause the application to
  crash or possibly execute arbitrary code (CVE-2008-3529).

  http://www.linuxsecurity.com/content/view/142007

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:191 ] rsh (Sep 11)
  ----------------------------------------------------------------------
  A vulnerability in the rcp protocol was discovered that allows a
  server to instruct a client to write arbitrary files outside of the
  current directory, which could potentially be a security concern if a
  user used rcp to copy files from a malicious server (CVE-2004-0175).

  http://www.linuxsecurity.com/content/view/142006

------------------------------------------------------------------------

* RedHat: Critical: RealPlayer security update (Sep 17)
  -----------------------------------------------------
  RealPlayer 10.0.9 as shipped in Red Hat Enterprise Linux 3 Extras, 4
  Extras, and 5 Supplementary, contains a security flaw and should not
  be used. This update has been rated as having critical security
  impact by the Red Hat Security Response Team. [Updated 17 September
  2008]

  http://www.linuxsecurity.com/content/view/142221

* RedHat: Moderate: bzip2 security update (Sep 16)
  ------------------------------------------------
  Updated bzip2 packages that fix a security issue are now available
  for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/142093

* RedHat: Important: libxml2 security update (Sep 11)
  ---------------------------------------------------
  A denial of service flaw was found in the way libxml2 processed
  certain content. If an application linked against libxml2 processed
  malformed XML content, it could cause the application to use an
  excessive amount of CPU time and memory, and stop responding.
  (CVE-2003-1564)

  http://www.linuxsecurity.com/content/view/141784

* RedHat: Important: libxml2 security update (Sep 11)
  ---------------------------------------------------
  Updated libxml2 packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A heap-based buffer
  overflow flaw was found in the way libxml2 handled long XML entity
  names. If an application linked against libxml2 processed untrusted
  malformed XML content, it could cause the application to crash or,
  possibly, execute arbitrary code. (CVE-2008-3529) This update has
  been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/141783

------------------------------------------------------------------------

* Ubuntu:  libxml2 vulnerabilities (Sep 11)
  -----------------------------------------
  It was discovered that libxml2 did not correctly handle long entity
  names. If a user were tricked into processing a specially crafted XML
  document, a remote attacker could execute arbitrary code with user
  privileges or cause the application linked against libxml2 to crash,
  leading to a denial of service. (CVE-2008-3529)

  http://www.linuxsecurity.com/content/view/142004

* Ubuntu:  FreeType vulnerabilities (Sep 11)
  ------------------------------------------
  Multiple flaws were discovered in the PFB and TTF font handling code
  in freetype.	If a user were tricked into using a specially crafted
  font file, a remote attacker could execute arbitrary code with user
  privileges or cause the application linked against freetype to crash,
  leading to a denial of service.

  http://www.linuxsecurity.com/content/view/142005

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request_at_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Sun Sep 21 2008 - 23:04:29 PDT

This archive was generated by hypermail 2.2.0 : Sun Sep 21 2008 - 23:12:50 PDT